2006
DOI: 10.1007/11774716_19
|View full text |Cite
|
Sign up to set email alerts
|

On the Resilience of Key Agreement Protocols to Key Compromise Impersonation

Abstract: Key agreement protocols are a fundamental building block for ensuring authenticated and private communications between two parties over an insecure network. This paper focuses on key agreement protocols in the asymmetric authentication model, wherein parties hold a public/private key pair. In particular, we consider a type of known key attack called key compromise impersonation that may occur once the adversary has obtained the private key of an honest party. This attack represents a subtle threat that is ofte… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
15
0
1

Year Published

2007
2007
2021
2021

Publication Types

Select...
4
3
2

Relationship

0
9

Authors

Journals

citations
Cited by 29 publications
(18 citation statements)
references
References 16 publications
0
15
0
1
Order By: Relevance
“…those in [6,5,25,30]). The reason is that, the partnership in these security models are defined based mathcing conversations, so that two oracles are partnered only if they possess the same protocol transcripts (or matching conversations).…”
Section: Security Analysismentioning
confidence: 95%
“…those in [6,5,25,30]). The reason is that, the partnership in these security models are defined based mathcing conversations, so that two oracles are partnered only if they possess the same protocol transcripts (or matching conversations).…”
Section: Security Analysismentioning
confidence: 95%
“…In general, it is difficult to formally prove that a protocol is KCI-resilient, the BR93 security model [3,4] offers no formalization of KCI resilience. Indeed, it is easier to find some specific message that demonstrates that the property does not hold at all [8].…”
Section: Key Compromise Impersonation Attack On the Protocolmentioning
confidence: 96%
“…We describe some desirable security properties of AKA protocol; for further details in the security properties of AKA, see previous studies 25,26, 28, 36, 40–47 PFS Resilience (PFS‐R) : If an eavesdropper might reveal any possible pairs of secret information without both private keys (static and ephemeral secret keys) owned by the party, it should not have any effect on the secrecy of previously established session keys. UKS : If party trueA^ wants to establish a secret key with trueB^, it should not be possible that trueB^ is tricked into sharing a key with party trueC^. Key control (KC) : Both of the parties should not be able to force the session key to a preselected value of their choice. Private key security : An adversary cannot learn the initiator's static private key even if she or he is able to learn all transient secrets in any of the initiator's session. Key confirmation : It is a guarantee exactly that the responder party trueB^ owns the same computed session key of the initiator party trueA^ in the same session.…”
Section: The Security Models and The Proposed Ecke Modelmentioning
confidence: 99%